The present disclosure relates to computing systems for comprehensive information handling, and in particular, to systems and methods for a common on-behalf authorization protocol infrastructure that can be used to authorize access to resources associated with individual users hosted or stored in external service providers.
Unless otherwise indicated herein, the approaches described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
Various systems provide integrated data access and analysis solutions for various purposes, such as running businesses and social networking. Typical systems use server applications executed on one or more servers that gather and distribute information over secure networks. Many of these systems provide users access to server data and services through the use of corresponding client applications executed on local client computers. While client-server application configurations are very useful for displaying data directly available to the server applications, it is often desirable to integrate and display information from service providers that are external to the network in which the server applications operate.
For example, various customizable enterprise resource planning systems, such as Business ByDesign™ from SAP®, include server applications for viewing, analyzing, and tracking data regarding various aspects of a particular business stored within a particular secure network. However, a user may also wish to view data, documents, files, and other resources stored or managed by an external service provider, such as Google Documents™ from Google®. To access and display data from external service providers, some server applications use variants of available authorization protocols that can obtain authorization to access resources from the external service providers “on-behalf” of particular users. So-called “on-behalf” authorization protocols provide an interface through which separate systems or networks can securely and reliably share resources owned by or otherwise associated with individual users. Open Authorization (OAuth) is an example of an on-behalf authorization protocol.
However, because service providers have differing security and privacy concerns, the specific variant of the on-behalf authorization protocol used by a service provider is often unique to that service provider. Accordingly, to gain access to user resources from multiple external service providers, a server application would need to execute the authorization protocol specific to each external service provider.
Such service-provider-specific authorization protocols have some utility when integrating resources from a limited number of external service providers into a limited number of applications of a particular system. However, existing on-behalf authorization protocol interfaces have significant drawbacks and limitations in systems with many developers creating many applications that incorporate resources from multiple external service providers for many users. One particular drawback is that typical on-behalf authorization protocols do not scale very easily or efficiently.
The specificity of each service provider's authorization protocol requires developers creating server applications to be familiar with the multiple authorization protocols and to be able to code multiple compatible authorization routines. Since not all developers are familiar with all the authorization protocol variants, creating an authorization procedure for each service provider can be arduous and inefficient. In addition, executing and maintaining each of the service-provider-specific authorization protocols, when scaled to the degree required to service the many users and server applications of a particular system, can be an inefficient use of development and computing resources. Various embodiments of the present disclosure address these and other issues.